level 15 -> 16 [assassin@localhost assassin]$ cat zombie_assassin.c /* The Lord of the BOF : The Fellowship of the BOF - zombie_assassin - FEBP*/ #include #include main(int argc, char *argv[]){char buffer[40]; if(argc < 2){printf("argv error\n");exit(0);} if(argv[1][47] == '\xbf'){printf("stack retbayed you!\n");exit(0);} if(argv[1][47] == '\x40') { printf("library retbayed you, too!!\n"); exit(0); } // strncp.. 더보기 level 14 -> 15 [giant@localhost giant]$ cat assassin.c /* The Lord of the BOF : The Fellowship of the BOF - assassin - no stack, no RTL*/ #include #include main(int argc, char *argv[]){char buffer[40]; if(argc < 2){printf("argv error\n");exit(0);} if(argv[1][47] == '\xbf'){printf("stack retbayed you!\n");exit(0);} if(argv[1][47] == '\x40') { printf("library retbayed you, too!!\n"); exit(0); } strcpy(buffer, ar.. 더보기 level 13 -> 14 [bugbear@localhost bugbear]$ cat giant.c /* The Lord of the BOF : The Fellowship of the BOF - giant - RTL2*/ #include #include #include main(int argc, char *argv[]){char buffer[40];FILE *fp;char *lib_addr, *execve_offset, *execve_addr;char *ret; if(argc < 2){printf("argv error\n");exit(0);} // gain address of execvefp = popen("/usr/bin/ldd /home/giant/assassin | /bin/grep libc | /bin/awk '{print.. 더보기 이전 1 ··· 14 15 16 17 18 19 20 ··· 27 다음
